[Cubicweb] Pyro and ZMQ deprecated?

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Thu Mar 6 09:14:49 CET 2014


Yann,

Clearly "signedrequest" should not be used for real users for the exact
reasons you're referring to: it's not a manageable solution. Use plain
CubicWeb accounts or whatever already exists out there: LDAP server,
WebID, etc.

On the other hand "signedrequest" does suit scripts running on system
accounts on servers. It may also suit applications on smartphones and
tablets where you authenticate a specific device instead of a human user
- but I think that's not the context we're interested in.

Clouds often offer both ways of authenticating. See for example:
https://developers.google.com/storage/docs/json_api/v1/how-tos/authorizing

-- 
Dimitri Papadopoulos
CEA/Saclay
I2BM, NeuroSpin
F-91191 Gif-sur-Yvette cedex, France



More information about the Cubicweb mailing list